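def test_update_role_definition(self, client_mock):
        """Check that updating a role targets the existing definition's id.

        The faked client's ``role_definitions.list`` returns one definition
        whose ``name`` is ``test_role_id``; the ``create_or_update`` stub
        asserts it is called with that id, the default scope and the
        logical role name.
        ``client_mock`` is presumably a patch of the client factory used by
        ``update_role_definition`` -- confirm against the decorator.
        """
        # Local import: the file's import block is not visible from here.
        import os

        test_role_id = '2ac90824-b711-4809-bec9-4c85809d1111'

        def _update_def(role_definition_id, scope, role_definition):
            # Stand-in for create_or_update: record the call, check its args.
            self.update_def_invoked = True
            self.assertEqual(role_definition_id, test_role_id)
            self.assertEqual(self.default_scope, scope)
            self.assertEqual(role_definition.role_name, self.role_logical_name)

        # Start from a known state so the final assertion fails cleanly
        # (instead of raising AttributeError) when the stub is never called.
        self.update_def_invoked = False

        faked_role_client = mock.MagicMock()
        client_mock.return_value = faked_role_client
        faked_role_client.role_definitions.create_or_update = _update_def
        faked_role_client.config.subscription_id = self.subscription_id

        test_def = RoleDefinition(role_name=self.role_logical_name)
        test_def.name = test_role_id
        faked_role_client.role_definitions.list.return_value = [test_def]

        # mkstemp returns an open descriptor; wrap it rather than discarding
        # it so it is closed, and remove the file when the test finishes.
        fd, role_definition_file = tempfile.mkstemp()
        self.addCleanup(os.remove, role_definition_file)
        with os.fdopen(fd, 'w') as f:
            json.dump(self.sample_role_def, f)
        # NOTE(review): backslashes are doubled, presumably so Windows paths
        # survive later unescaping -- confirm.
        role_definition_file = role_definition_file.replace('\\', '\\\\')

        # action
        cmd = mock.MagicMock()
        cmd.cli_ctx = TestCli()
        update_role_definition(cmd, role_definition_file)

        # assert
        self.assertTrue(self.update_def_invoked)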
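    def test_update_role_definition(self, client_mock):
        """Check that updating a role targets the existing definition's id.

        The faked client's ``role_definitions.list`` returns one definition
        whose ``name`` is ``test_role_id``; the ``create_or_update`` stub
        asserts it is called with that id, the default scope and the
        logical role name.
        ``client_mock`` is presumably a patch of the client factory used by
        ``update_role_definition`` -- confirm against the decorator.
        """
        # Local import: the file's import block is not visible from here.
        import os

        test_role_id = '2ac90824-b711-4809-bec9-4c85809d1111'

        def _update_def(role_definition_id, scope, role_definition):
            # Stand-in for create_or_update: record the call, check its args.
            self.update_def_invoked = True
            self.assertEqual(role_definition_id, test_role_id)
            self.assertEqual(self.default_scope, scope)
            self.assertEqual(role_definition.role_name, self.role_logical_name)

        # Start from a known state so the final assertion fails cleanly
        # (instead of raising AttributeError) when the stub is never called.
        self.update_def_invoked = False

        faked_role_client = mock.MagicMock()
        client_mock.return_value = faked_role_client
        faked_role_client.role_definitions.create_or_update = _update_def
        faked_role_client.config.subscription_id = self.subscription_id

        test_def = RoleDefinition(role_name=self.role_logical_name)
        test_def.name = test_role_id
        faked_role_client.role_definitions.list.return_value = [test_def]

        # mkstemp returns an open descriptor; wrap it rather than discarding
        # it so it is closed, and remove the file when the test finishes.
        fd, role_definition_file = tempfile.mkstemp()
        self.addCleanup(os.remove, role_definition_file)
        with os.fdopen(fd, 'w') as f:
            json.dump(self.sample_role_def, f)
        # NOTE(review): backslashes are doubled, presumably so Windows paths
        # survive later unescaping -- confirm.
        role_definition_file = role_definition_file.replace('\\', '\\\\')

        # action
        cmd = mock.MagicMock()
        cmd.cli_ctx = TestCli()
        update_role_definition(cmd, role_definition_file)

        # assert
        self.assertTrue(self.update_def_invoked)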
Пример #3
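def create_role_definition(role_definition):
    """Create a custom role definition from a JSON file or inline JSON.

    ``role_definition`` is treated as a file path when ``os.path.exists``
    says so, otherwise it is parsed as a JSON string. The ``actions`` and
    ``notActions`` lists are passed through exactly as supplied, so the
    input fully determines what the new role grants.

    The role is created at the first entry of ``assignableScopes``.

    Raises:
        CLIError: if ``name`` is missing, or ``assignableScopes`` is
            missing or empty.
    """
    role_id = uuid.uuid4()
    if os.path.exists(role_definition):
        role_definition = get_file_json(role_definition)
    else:
        role_definition = json.loads(role_definition)

    # to workaround service defects, ensure property names are camel case
    # (snapshot the keys first: the dict is mutated while renaming)
    for key in [k for k in role_definition if k[:1].isupper()]:
        role_definition[key[:1].lower() + key[1:]] = role_definition.pop(key)

    if 'name' not in role_definition:
        raise CLIError("please provide 'name'")
    # An empty list would otherwise surface as an IndexError when the first
    # scope is picked below, so reject it with the same user-facing error.
    if not role_definition.get('assignableScopes'):
        raise CLIError("please provide 'assignableScopes'")

    permission = Permission(actions=role_definition.get('actions', None),
                            not_actions=role_definition.get('notActions', None))
    properties = RoleDefinitionProperties(role_name=role_definition['name'],
                                          description=role_definition.get('description', None),
                                          type=_CUSTOM_RULE,
                                          assignable_scopes=role_definition['assignableScopes'],
                                          permissions=[permission])

    definition = RoleDefinition(name=role_id, properties=properties)

    definitions_client = _auth_client_factory().role_definitions
    return definitions_client.create_or_update(role_definition_id=role_id,
                                               scope=properties.assignable_scopes[0],
                                               role_definition=definition)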
Пример #4
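def _create_update_role_definition(cli_ctx, role_definition, for_update):
    """Create a custom role definition, or update an existing one.

    ``role_definition`` is treated as a file path when ``os.path.exists``
    says so, otherwise it is parsed as a JSON string.

    For an update, the existing definition is looked up by the supplied
    name within the first assignable scope (or the client's subscription
    when none is given) and exactly one match is required. The definition
    is then rewritten under the matched GUID. ``actions`` and
    ``notActions`` are taken only from the input and are not merged with
    the existing definition, so anything omitted is sent as ``None``.

    When an update omits ``assignableScopes``, the scopes already on the
    matched definition are kept; the scope is never widened implicitly.

    Raises:
        CLIError: if the role name is missing, the update target is not
            uniquely matched, or no assignable scopes can be determined.
    """
    definitions_client = _auth_client_factory(cli_ctx).role_definitions
    if os.path.exists(role_definition):
        role_definition = get_file_json(role_definition)
    else:
        role_definition = shell_safe_json_parse(role_definition)

    # to workaround service defects, ensure property names are camel case
    # (snapshot the keys first: the dict is mutated while renaming)
    for key in [k for k in role_definition if k[:1].isupper()]:
        role_definition[key[:1].lower() + key[1:]] = role_definition.pop(key)

    role_name = role_definition.get('name', None)
    if not role_name:
        raise CLIError("please provide role name")

    scopes = role_definition.get('assignableScopes', None)
    if for_update:  # for update, we need to use guid style unique name
        scope = (scopes[0] if scopes else
                 '/subscriptions/' + definitions_client.config.subscription_id)
        matched = _search_role_definitions(definitions_client, role_name,
                                           scope)
        if len(matched) != 1:
            raise CLIError(
                'Please provide the unique logic name of an existing role')
        role_definition['name'] = matched[0].name
        # ensure correct logical name and guid name. For update we accept both
        role_name = matched[0].properties.role_name
        role_id = matched[0].name
        if not scopes:
            # Previously this path crashed with KeyError further down. Keep
            # the scopes the role already has rather than inventing a
            # broader one. NOTE(review): assumes the matched definition
            # exposes properties.assignable_scopes -- confirm for this SDK.
            scopes = matched[0].properties.assignable_scopes
    else:
        role_id = _gen_guid()

    # Covers a missing key and an empty list alike; the latter used to
    # surface as an IndexError when the first scope was selected.
    if not scopes:
        raise CLIError("please provide 'assignableScopes'")

    permission = Permission(actions=role_definition.get('actions', None),
                            not_actions=role_definition.get(
                                'notActions', None))
    properties = RoleDefinitionProperties(
        role_name=role_name,
        description=role_definition.get('description', None),
        type=_CUSTOM_RULE,
        assignable_scopes=scopes,
        permissions=[permission])

    definition = RoleDefinition(name=role_id, properties=properties)

    return definitions_client.create_or_update(
        role_definition_id=role_id,
        scope=scopes[0],
        role_definition=definition)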